MDP*_*MDP 4 java spring jsp spring-mvc spring-security
我用Spring Security制作了一个登录系统.这是我的spring-security.xml
...
<session-management invalid-session-url="/login">
<concurrency-control max-sessions="1" expired-url="/login" error-if-maximum-exceeded="true"/>
</session-management>
<form-login
login-page="/login"
default-target-url="/index"
always-use-default-target="true"
authentication-failure-url="/login?error=true"
username-parameter="j_username"
password-parameter="j_password" />
<logout
logout-success-url="/login"
delete-cookies="JSESSIONID"
invalidate-session="true" />
...
因为我有这行 authentication-failure-url="/login?error=true"
我知道,如果 error是'true'有一个错误:它可能是" 坏凭据 "或" 最大会话数突破 ".但我想知道哪些错误真的occorred?
有没有办法,在java类(@controller)中,知道Spring给我的错误类型,以便自定义这些错误消息?
我发现这个解决方案,它似乎工作.
扩展SimpleUrlAuthenticationFailureHandler您可以将用户发送到不同的页面,并打印您想要的消息.
我的主要目标不是"覆盖",SPRING_SECURITY_LAST_EXCEPTION.message而是根据Spring安全性给我的各种错误定制错误消息.
web.xml中
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
security-config.xml(只是一些代码)
会话管理
<session-management invalid-session-url="/login" session-authentication-error-url="/login" >
<concurrency-control max-sessions="1" expired-url="/login" error-if-maximum-exceeded="true"/>
</session-management>
form-login,您可以在其中调用自己的AuthenticationFailureHandler(customFailureHandler)
<form-login
login-page="/login"
default-target-url="/index"
always-use-default-target="true"
authentication-failure-handler-ref="customFailureHandler"
username-parameter="j_username"
password-parameter="j_password" />
您自己的AuthenticationFailureHandler 的bean
<beans:bean id="customFailureHandler" class="com.springgestioneerrori.controller.CustomAuthenticationFailureHandler"/>
这是实现SimpleUrlAuthenticationFailureHandler的类
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
if(exception.getClass().isAssignableFrom(BadCredentialsException.class)) {
setDefaultFailureUrl("/url1");
}
else if (exception.getClass().isAssignableFrom(DisabledException.class)) {
setDefaultFailureUrl("/url2");
}
else if (exception.getClass().isAssignableFrom(SessionAuthenticationException.class)) {
setDefaultFailureUrl("/url3");
}
super.onAuthenticationFailure(request, response, exception);
}
}
希望这可以帮助别人.
| 归档时间: |
|
| 查看次数: |
12653 次 |
| 最近记录: |